Watch CBS News

"Package has been delivered" email? Be on guard for a scam

"Ransomware" is a nightmare for consumers but positively lucrative for scammers, which is why the pace of new attacks is speeding up.

The latest twist on ransomware is particularly audacious, with scammers using a spam campaign to reach as many consumers as possible with an enticing email come-on: "Your package has been delivered," according to new research from computer security firm Endgame.

If a consumer opens the attached file to find out more -- some people may think it refers to their tax returns, for instance -- the ransomware is unleashed.

Ransomware is particularly successful because the malware encrypts files on a victim's computer, keeping the files in lockdown until the victim either forks over a ransom or misses the deadline. If the latter happens, the files are deleted and lost to the user.

It's a lucrative business for criminals, with the FBI finding that the scam cost U.S. victims at least $18 million from April 2014 to June 2015. The pace of new attacks has only increased so far this year, Endgame said.

"The model is working for them, and I see it going nowhere but up anytime soon," said Mark Mager, senior malware researcher at Endgame. "The malware authors have come across this and said this is a really easy way to just milk money out of their victims."

The typical ransom is about $500, with the scammers typically asking for payment in Bitcoin because the digital currency is untraceable. But even if consumers pay up, there's no guarantee that the encryption key the scammers hand over will work, Mager said. Sometimes the key is faulty, and files end up damaged after recovery, for instance.

So far in 2016, more than a dozen new variations on ransomware have been identified, compared with about 10 for all of 2015, according to Endgame.

The version identified by Endgame, Teslacrypt 4.1A, appears to be part of a widespread spam campaign, with Mager noting that the criminals used random six-letter combinations followed by a domain name, such as @gmail.com. The malware also incorporates evasion techniques that make it more sophisticated than earlier versions.

Consumers have some options if they do fall victim to ransomware. Mager said they should first "attempt to restore the files from any local or shared network." Having backup copies of the files means the consumer can simply bypass the ransomware's demands.

Unfortunately, the newest variant targets the backup system in Windows, which means that Windows users would need another backup system to ensure they have copies of all their files.

"If you don't have any backups that weren't compromised, then you are likely in a not very good place," Mager said. "One of the only ways to be reassured is to do weekly, if not nightly, backups of your files to an external hard drive, and to literally unplug the drive in between the backups."

Targets should generally avoid paying the ransom, although there have been some cases -- such as the Hollywood Presbyterian Medical Center -- where regaining access to files is of life-and-death importance. In that case, the hospital paid $17,000 to regain access to its medical records system after getting hit by ransomware.

Aside from creating a backup system, consumers should also be vigilant about avoiding downloads from suspicious-looking emails.

"Use a little common sense and inspect the source of the email coming in," Mager said. "If there are little misspellings or grammar errors that don't make sense, that's something to take note of."
